AI Engineer · Cybersecurity & IT Risk

Hi, I’m Pawan Bhandari

I work at the intersection of AI and cybersecurity. On one side, I design retrieval systems, agent pipelines, and the evaluation harnesses that keep them honest. On the other, I evaluate security controls and IT risk, and document the evidence behind both. I build things that hold up in production.

Connect on LinkedInView GitHubRead writing

Tools & frameworks I work with

PythonPyTorchLangChainFastAPIPostgreSQLAWSTerraformDockerKubernetesGitHub ActionsSplunkWiresharkNIST 800-53ISO 27001SOC 2MITRE ATT&CKOpenTelemetryVector DBsPythonPyTorchLangChainFastAPIPostgreSQLAWSTerraformDockerKubernetesGitHub ActionsSplunkWiresharkNIST 800-53ISO 27001SOC 2MITRE ATT&CKOpenTelemetryVector DBs

Services

What I do.

Four capabilities I bring to AI and IT-risk programs.

AI Engineering

Designing retrieval pipelines, agent systems, and LLM applications, with the evaluation harnesses and guardrails required to run them in production.

Cybersecurity Controls

Evaluating and testing IT general controls, design effectiveness, operating effectiveness, and the evidence each one produces for audit.

IT Risk Governance

Aligning security programs with policy, regulatory requirements, and the risk appetite the business actually operates by.

Analytics & Reporting

Applying data analysis to surface anomalies, strengthen metrics, and give leadership a clearer picture of what is and is not working.

Credentials

Certifications.

Industry credentials across security, governance, and delivery.

ISACA
CISM
Security Management
CompTIA
CySA+
Security Analytics
CompTIA
PenTest+
Offensive Security
CompTIA
CASP+
Advanced Security
ISC2
CC
Cybersecurity
PMI
PMP
Project Management

Focus

Areas I concentrate on.

AI Systems
  • retrieval-augmented generation
  • agent pipelines
  • LLM infrastructure
  • evals & guardrails
Risk & Governance
  • IT risk assessment
  • control evaluation
  • policy alignment
  • regulatory mapping
Control Assurance
  • IT general controls
  • control testing
  • root-cause analysis
  • exception tracking
Security Analytics
  • anomaly detection
  • metrics reporting
  • evidence automation
  • audit data review

Writing

Latest notes.

Short essays on AI, security, and IT risk.

7 min read

Random Forests, from first principles

A six-minute tour of why random forests work, decision trees, the two tricks that tame them, and the place where they quietly stop being the right tool.

ml · tabular
6 min read

MLOps, without the hype deck

MLOps is what the job actually is: data, training, serving, and the monitoring loop that catches the silent failures before your users do.

mlops · infra
6 min read

GenAI: from software, through automation, to agents

Three eras of software in one diagram. What changes when the system has to reason, and what breaks if you treat it like it doesn't.

genai · agents
All writing

Let’s connect

Open to roles in AI and cybersecurity.

Currently exploring remote opportunities across AI engineering, controls assurance, and security governance.

LinkedInGitHub